After millions of shoppers fell victim to massive data breaches at Target and Neiman Marcus, a new report shows that the mastermind behind the malware used in the attacks is a 17-year-old cybercriminal from Russia. He developed the malware program that was used to compromise Target and Neiman Marcus over the Christmas holiday.
The massive data breach at Target during the 2013 holiday shopping season, which the retailer now admits affected 70 million customers, used an inexpensive “off the shelf” malware known as BlackPOS. The same malware may also have been involved in the Neiman Marcus attack. Security researchers from IntelCrawler, a Los Angeles-based cyber intelligence company, announced that the author of the BlackPOS malware is about 17 years old and that the first sample of it was created in March 2013. The first report on this malware was produced at the beginning of spring by Andrew Komarov, IntelCrawler's CEO, while he was working at another forensics company.
According to IntelCrawler's own sources, the first point-of-sale environments infected by BlackPOS were in Australia, Canada and the US. The malware was first named “Kaptoxa” (Russian slang for “potato”), then renamed “DUMP MEMORY GRABBER by Ree” for forum postings, although the title of its C&C panel contained the string “BlackPOS”. During that time, “Ree” (“ree4”) sold more than 40 builds of BlackPOS to cybercriminals from Eastern Europe and other countries, including the owners of underground credit card shops such as “.rescator”, “Track2.name”, “Privateservices.biz” and many others.
At the same time, the detailed information and a reverse-engineering report were shared with Visa and several major US banks, after which US law enforcement released an internal notification to the financial industry about it. The bad actor was quite open about trading this malware for 2,000 USD, or for a 50% share of the proceeds from all credit cards intercepted by his customers, paid through Liberty Reserve.
According to operative information from IntelCrawler, the person behind the nickname “ree” is Sergey Taraspov, with roots in St. Petersburg and Nizhniy Novgorod (Russian Federation), a programmer of malicious code who is very well known in the underground. “He is still visible to us, but the real bad actors responsible for the past attacks on retailers such as Target and Neiman Marcus were just his customers”, comments Dan Clements, IntelCrawler President.
More details: IntelCrawler